Discussion:
[lxc-users] Proper usage of fuidshift
Ron Kelley
2016-05-16 16:01:43 UTC
Permalink
Trying to understand the right way to use fuidshift. I have rsync'd a container from one server to another and the root/group IDs are off. Each time I start the container, I get permission denied errors (like root's .bashrc). I read the manpage for fuidshift but am still confused. Various incantations don't appear to put the right permissions on the container's files/directories. Can someone please give some guidance?

/etc/subgid output:
------------------------
rkelley:100000:65536
lxd:165536:65536
root:165536:65536
wpadmin:231072:65536


Container rsync'd from another server:
---------------------------------
***@hj-wp-container-mgmt-01:/var/lib/lxd/containers/CentOS7-PHP56-Baseline-Current# ls -la
total 4
drwxr-xr-x+ 3 root root 19 May 16 10:29 .
drwx--x--x 4 root root 131 May 16 10:33 ..
dr-xr-xr-x 19 100000 100000 4096 May 5 17:48 rootfs


New container on server:
-----------------------
***@hj-wp-container-mgmt-01:/var/lib/lxd/containers/test-container# ls -al
total 8
drwxr-xr-x+ 4 165536 165536 55 May 16 11:52 .
drwx--x--x 5 root root 152 May 16 11:52 ..
dr-xr-xr-x 18 165536 165536 4096 May 16 11:52 rootfs


From what I can see, the CentOS7-PHP56-Baseline-Current container should have root/group IDs of 165536/165536 but it has 100000/100000 instead.

My question is: how can I get the CentOS7-PHP56-Baseline-Current container to get the correct permissions using fuidshift?

Thanks.
Serge Hallyn
2016-05-16 16:12:12 UTC
Permalink
Post by Ron Kelley
Trying to understand the right way to use fuidshift. I have rsync'd a container from one server to another and the root/group IDs are off. Each time I start the container, I get permission denied errors (like root's .bashrc). I read the manpage for fuidshift but am still confused. Various incantations don't appear to put the right permissions on the container's files/directories. Can someone please give some guidance?
------------------------
rkelley:100000:65536
lxd:165536:65536
root:165536:65536
wpadmin:231072:65536
---------------------------------
total 4
drwxr-xr-x+ 3 root root 19 May 16 10:29 .
drwx--x--x 4 root root 131 May 16 10:33 ..
dr-xr-xr-x 19 100000 100000 4096 May 5 17:48 rootfs
-----------------------
total 8
drwxr-xr-x+ 4 165536 165536 55 May 16 11:52 .
drwx--x--x 5 root root 152 May 16 11:52 ..
dr-xr-xr-x 18 165536 165536 4096 May 16 11:52 rootfs
From what I can see, the CentOS7-PHP56-Baseline-Current container should have root/group IDs of 165536/165536 but it has 100000/100000 instead.
My question is: how can I get the CentOS7-PHP56-Baseline-Current container to get the correct permissions using fuidshift?
fuidshift /var/lib/lxd/containers/CentOS7-PHP56-Baseline-Current/rootfs -r b:0:100000:65536
fuidshift /var/lib/lxd/containers/CentOS7-PHP56-Baseline-Current/rootfs b:0:165536:65536

The first one reverts the old mapping, the second sets the new.

(You could do it all in one step, but I think this is the safest way)
Ronald Kelley
2016-05-16 16:57:03 UTC
Permalink
Thanks for the fast reply.

Just for clarity, the values you used are pulled directly from the /etc/subuid file for the lxd user, correct? We are looking into some system automation and want to make sure any new/copied container has the correct values.

Also, in what circumstance would you revert to the old values?
Post by Ron Kelley
Trying to understand the right way to use fuidshift. I have rsync'd a container from one server to another and the root/group IDs are off. Each time I start the container, I get permission denied errors (like root's .bashrc). I read the manpage for fuidshift but am still confused. Various incantations don't appear to put the right permissions on the container's files/directories. Can someone please give some guidance?
------------------------
rkelley:100000:65536
lxd:165536:65536
root:165536:65536
wpadmin:231072:65536
---------------------------------
total 4
drwxr-xr-x+ 3 root root 19 May 16 10:29 .
drwx--x--x 4 root root 131 May 16 10:33 ..
dr-xr-xr-x 19 100000 100000 4096 May 5 17:48 rootfs
-----------------------
total 8
drwxr-xr-x+ 4 165536 165536 55 May 16 11:52 .
drwx--x--x 5 root root 152 May 16 11:52 ..
dr-xr-xr-x 18 165536 165536 4096 May 16 11:52 rootfs
From what I can see, the CentOS7-PHP56-Baseline-Current container should have root/group IDs of 165536/165536 but it has 100000/100000 instead.
My question is: how can I get the CentOS7-PHP56-Baseline-Current container to get the correct permissions using fuidshift?
fuidshift /var/lib/lxd/containers/CentOS7-PHP56-Baseline-Current/rootfs -r b:0:100000:65536
fuidshift /var/lib/lxd/containers/CentOS7-PHP56-Baseline-Current/rootfs b:0:165536:65536

The first one reverts the old mapping, the second sets the new.

(You could do it all in one step, but I think this is the safest way)
_______________________________________________
lxc-users mailing list
lxc-***@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
Serge E. Hallyn
2016-05-16 17:08:43 UTC
Permalink
Post by Ronald Kelley
Thanks for the fast reply.
Just for clarity, the values you used are pulled directly from the /etc/subuid file for the lxd user, correct? We are looking into some system automation and want to make sure any new/copied container has the correct values.
They're taken from your email :)

If you just use the lxd image publish/export/import workflows then you
don't have to do any shifting yourself.
Post by Ronald Kelley
Also, in what circumstance would you revert to the old values?
In the above, I was reverting so that I could then shift into the new
values.

(I was wrong in my earlier email - you could use find+chown to shift
directly from the old to the new mapping, but you can't do that with
fuidmap)

Loading...